Symbiote, the malware that lets backdoors and rootkits be installed on Linux

Researchers at Intezer and BlackBerry recently published details of malware they discovered, code-named "Symbiote", which is notable for being used to inject backdoors and rootkits into compromised Linux servers.

The malicious software was found on the systems of financial institutions in several Latin American countries. A distinctive feature of Symbiote is that it is distributed as a shared library that is loaded into every process at startup through the LD_PRELOAD mechanism, replacing certain calls to the standard C library.

What sets Symbiote apart from the other Linux malware we usually come across is that it needs to infect other running processes in order to do damage on infected machines.

Rather than being a standalone executable file that is run to infect a machine, it is a shared object (SO) library that is loaded into all running processes via LD_PRELOAD (T1574.006) and parasitically infects the machine. Once it has infected all running processes, it provides the threat actor with rootkit functionality, the ability to harvest credentials, and remote access capability.

To install Symbiote on a system, the attacker must already have root access, which can be obtained, for example, by exploiting an unpatched vulnerability or by compromising an account's credentials. Symbiote then lets the attacker consolidate their presence on the system after the intrusion in order to carry out further attacks, hide the activity of other malicious applications, and arrange the exfiltration of sensitive data.

Our earliest detection of Symbiote dates from November 2021, and it appears to have been written to target the financial sector in Latin America. Once the malware has infected a machine, it hides itself and any other malware used by the threat actor, which makes infections very hard to detect. Performing live forensics on an infected machine may turn up nothing, since the malware hides all files, processes and network artefacts. In addition to the rootkit capability, the malware provides a backdoor for the threat actor to log in as any user on the machine with a hardcoded password and to execute commands with the highest privileges.

The malicious call handlers hide activity related to the backdoor: individual entries are removed from the process list, access to certain files under /proc is blocked, files are hidden from directory listings, the malicious shared library is removed from ldd output (the execve function is hooked and calls are inspected for the LD_TRACE_LOADED_OBJECTS environment variable, which ldd sets so that the dynamic loader prints the objects it would load), and network sockets associated with the malicious activity are not shown.
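The ldd evasion described above points at a cross-view check: ldd is only the dynamic loader run with LD_TRACE_LOADED_OBJECTS=1, so a library that hooks execve can scrub itself from that listing, but it still has to be mapped into the process and therefore still appears in /proc/<pid>/maps. The Python below is an added example, not code from this article or from the Intezer/BlackBerry report; every input it uses (the /etc/ld.so.preload, /proc/<pid>/environ, /proc/<pid>/maps and ldd samples, and the library name libnss_x.so) is constructed for illustration. It flags a library that is forced in through /etc/ld.so.preload or LD_PRELOAD, and a mapped .so that ldd failed to report.

```python
"""Cross-view checks for an LD_PRELOAD-style userland rootkit (added example)."""
import re

# Constructed /etc/ld.so.preload content: one path per line, '#' starts a comment.
SAMPLE_LD_SO_PRELOAD = "# system-wide preload\n/usr/local/lib/libnss_x.so\n"

# Constructed /proc/<pid>/environ content: NUL-separated KEY=VALUE pairs, as in the real file.
SAMPLE_ENVIRON = b"PATH=/usr/bin\x00LD_PRELOAD=/usr/local/lib/libnss_x.so\x00HOME=/root\x00"

# Constructed /proc/<pid>/maps excerpt: address perms offset dev inode pathname.
SAMPLE_MAPS = """\
55d0c2a00000-55d0c2a01000 r--p 00000000 fd:01 1234 /usr/bin/sshd
7f3a9c000000-7f3a9c022000 rw-p 00000000 00:00 0
7f3a9c200000-7f3a9c222000 r--p 00000000 fd:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3a9c400000-7f3a9c402000 r--p 00000000 fd:01 9012 /usr/local/lib/libnss_x.so
7f3a9c600000-7f3a9c62a000 r--p 00000000 fd:01 3456 /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
7ffd1b000000-7ffd1b021000 rw-p 00000000 00:00 0 [stack]
7ffd1b1e0000-7ffd1b1e4000 r--p 00000000 00:00 0 [vvar]
"""

# Constructed `ldd /usr/bin/sshd` output as a hooked ldd would print it:
# the preloaded library has been stripped from the listing.
SAMPLE_LDD = """\
\tlinux-vdso.so.1 (0x00007ffd1b1fe000)
\tlibc.so.6 => /usr/lib/x86_64-linux-gnu/libc.so.6 (0x00007f3a9c200000)
\t/lib64/ld-linux-x86-64.so.2 (0x00007f3a9c600000)
"""


def preload_entries(ld_so_preload_text):
    """Paths listed in /etc/ld.so.preload, ignoring blank lines and comments."""
    paths = []
    for line in ld_so_preload_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            paths.extend(line.split())
    return paths


def environ_preload(environ_bytes):
    """Value of LD_PRELOAD in a NUL-separated /proc/<pid>/environ, or None if unset."""
    for entry in environ_bytes.split(b"\x00"):
        if entry.startswith(b"LD_PRELOAD="):
            return entry[len(b"LD_PRELOAD="):].decode(errors="replace")
    return None


def mapped_shared_objects(maps_text):
    """File-backed shared objects (.so) mapped in a /proc/<pid>/maps listing."""
    objs = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # pathname may contain spaces, so split at most 5 times
        if len(fields) == 6 and fields[5].startswith("/") and ".so" in fields[5]:
            objs.add(fields[5])
    return objs


def ldd_shared_objects(ldd_text):
    """Absolute paths ldd reported; the vDSO has no file path and is skipped."""
    objs = set()
    for line in ldd_text.splitlines():
        m = re.search(r"(/\S+)\s+\(0x[0-9a-f]+\)", line)
        if m:
            objs.add(m.group(1))
    return objs


def _by_basename(paths):
    return {p.rsplit("/", 1)[-1]: p for p in paths}


def unreported_objects(maps_text, ldd_text):
    """Shared objects mapped in the process that ldd did not list.

    The two views may print different paths for the same file (ldd shows the
    loader path /lib64/ld-linux-x86-64.so.2, maps shows the canonical file),
    so the comparison is done on the .so basename.
    """
    mapped = _by_basename(mapped_shared_objects(maps_text))
    reported = _by_basename(ldd_shared_objects(ldd_text))
    return sorted(mapped[name] for name in mapped if name not in reported)


def audit(ld_so_preload_text, environ_bytes, maps_text, ldd_text):
    """Run all three checks on collected artefacts and return readable findings."""
    findings = []
    for p in preload_entries(ld_so_preload_text):
        findings.append(f"/etc/ld.so.preload forces {p} into every dynamically linked process")
    value = environ_preload(environ_bytes)
    if value:
        findings.append(f"process environment sets LD_PRELOAD={value}")
    for p in unreported_objects(maps_text, ldd_text):
        findings.append(f"{p} is mapped in the process but missing from ldd output")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LD_SO_PRELOAD, SAMPLE_ENVIRON, SAMPLE_MAPS, SAMPLE_LDD):
        print("FINDING:", finding)
```

Because Symbiote also filters reads of files under /proc, the raw artefacts should be collected with a statically linked tool or taken from a disk image rather than read by a dynamically linked program on the live host; the functions above only operate on text that has already been gathered.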

Symbiote also makes it possible to bypass some file-system scanners, because sensitive data can be stolen not at the level of opening files but by intercepting the read operations that legitimate applications perform on those files (for example, replacing library functions allows a user's password entry, or data being loaded from a file containing an access key, to be captured).

Because it is so elusive, a Symbiote infection can "fly under the radar". In our research we have not found enough evidence to determine whether Symbiote is being used in highly targeted or broad attacks.

To arrange remote login, Symbiote hooks several PAM (Pluggable Authentication Module) calls, which allows connecting to the system over SSH with specific attacker-chosen credentials. There is also a hidden option to escalate privileges to root by setting the HTTP_SETTHIS environment variable.

To hide its traffic from inspection, libpcap library functions are redefined, reads of /proc/net/tcp are filtered, and additional code is injected into the BPF programs loaded into the kernel.
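/proc/net/tcp is a plain-text table in which each row carries the local and remote endpoints as hexadecimal (the IPv4 address in little-endian byte order, the port big-endian), a two-digit kernel state code and the socket inode, so a hooked read only has to drop the rows it wants to hide. The Python below is an added example, not code from this article or from the Intezer/BlackBerry report: it parses that format and diffs a possibly filtered view against a trusted one. Both table samples and the port numbers in them are constructed for illustration.

```python
"""Parse /proc/net/tcp and diff a hooked view against a trusted one (added example)."""
import socket
import struct

# Kernel TCP state codes as printed in the 'st' column of /proc/net/tcp.
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}

# Constructed trusted view (e.g. read by a statically linked tool): sshd listening on 22,
# an extra listener on 8080 and an established connection from 192.168.1.100 to it.
TRUSTED_VIEW = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 19876 1 0000000000000000 100 0 0 10 0
   1: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22001 1 0000000000000000 100 0 0 10 0
   2: 0201A8C0:1F90 6401A8C0:C2E4 01 00000000:00000000 00:00000000 00000000     0        0 22009 1 0000000000000000 20 4 30 10 -1
"""

# Constructed view as a process with the hooked library would see it: rows 1 and 2 are gone.
FILTERED_VIEW = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 19876 1 0000000000000000 100 0 0 10 0
"""


def decode_endpoint(hex_endpoint):
    """'0201A8C0:1F90' -> ('192.168.1.2', 8080)."""
    ip_hex, port_hex = hex_endpoint.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))  # host order is little-endian
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Return one dict per socket row; the header line is skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 10 or not fields[0].endswith(":"):
            continue  # header or malformed line
        rows.append({
            "local": decode_endpoint(fields[1]),
            "remote": decode_endpoint(fields[2]),
            "state": TCP_STATES.get(fields[3], fields[3]),
            "uid": int(fields[7]),
            "inode": int(fields[9]),
        })
    return rows


def _key(row):
    return (row["local"], row["remote"], row["state"])


def hidden_sockets(filtered_text, trusted_text):
    """Sockets present in the trusted view but missing from the possibly hooked one."""
    seen = {_key(r) for r in parse_proc_net_tcp(filtered_text)}
    return [r for r in parse_proc_net_tcp(trusted_text) if _key(r) not in seen]


if __name__ == "__main__":
    for row in hidden_sockets(FILTERED_VIEW, TRUSTED_VIEW):
        print("HIDDEN: %s:%d -> %s:%d %s inode=%d" % (
            *row["local"], *row["remote"], row["state"], row["inode"]))
```

The trusted view has to come from somewhere the hooked library cannot reach: a statically linked collector, an offline image, or the network side (a span port or firewall logs), since the article notes that packet capture through libpcap and the kernel's BPF programs are tampered with as well.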

Finally, if you are interested in learning more about it, you can consult the original article at the following link.


